Exam Details

  • Exam Code: ANS-C01
  • Exam Name: AWS Certified Advanced Networking - Specialty (ANS-C01)
  • Certification: Amazon Certifications
  • Vendor: Amazon
  • Total Questions: 240 Q&As
  • Last Updated: Apr 24, 2025

Amazon Amazon Certifications ANS-C01 Questions & Answers

  • Question 81:

    A company's AWS environment has two VPCs. VPC A has a CIDR block of 192.168.0.0/16. VPC B has a CIDR block of 10.0.0.0/16. Each VPC is deployed in a separate AWS Region. The company has remote users who work outside the company's offices. These users need to connect to an application that is running in the VPCs. Traffic to and from the VPCs over the internet must be encrypted. A network engineer must set up connectivity between the remote users and the VPCs. Which combination of steps should the network engineer take to meet these requirements with the LEAST management overhead? (Choose three.)

    A. Establish an AWS Site-to-Site VPN connection between VPC A and VPC B.

    B. Establish a VPC peering connection between VPC A and VPC B.

    C. Create an AWS Client VPN endpoint in VPC A and VPC B. Add an authorization rule to grant access to VPC A and VPC B.

    D. Create an AWS Client VPN endpoint in VPC A. Add an authorization rule to grant access to VPC A and VPC B.

    E. Add a route to the AWS Client VPN endpoint's route table to direct traffic to VPC B.

    F. Add a route to the AWS Client VPN endpoint's route table to direct traffic to VPC A.

  • Question 82:

    A company has an AWS environment that includes multiple VPCs that are connected by a transit gateway. The company has decided to use AWS Site-to-Site VPN to establish connectivity between its on-premises network and its AWS environment. The company does not have a static public IP address for its on-premises network. A network engineer must implement a solution to initiate the VPN connection on the AWS side of the connection for traffic from the AWS environment to the on-premises network. Which combination of steps should the network engineer take to establish VPN connectivity between the transit gateway and the on-premises network? (Choose three.)

    A. Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 1 (IKEv1).

    B. Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 2 (IKEv2).

    C. Use a private certificate authority (CA) from AWS Private Certificate Authority to create a certificate.

    D. Use a public certificate authority (CA) from AWS Private Certificate Authority to create a certificate.

    E. Create a customer gateway. Specify the current dynamic IP address of the customer gateway device's external interface.

    F. Create a customer gateway without specifying the IP address of the customer gateway device.

  • Question 83:

    A company is migrating applications from a data center to AWS. Many of the applications will need to exchange data with the company's on-premises mainframe. The company needs to achieve 4 Gbps transfer speeds to meet peak traffic demands. A network engineer must design a highly available solution that maximizes resiliency. The solution must be able to withstand the loss of circuits or routers. Which solution will meet these requirements?

    A. Order four 10 Gbps AWS Direct Connect connections that are evenly spread over two locations. Terminate one connection from each Direct Connect location to a router at the company location. Terminate the other connection from each Direct Connect location to a different router at the company location.

    B. Order two 10 Gbps AWS Direct Connect connections that are evenly spread over two locations. Terminate the connection from each Direct Connect location to a different router at the company location.

    C. Order four 1 Gbps AWS Direct Connect connections that are evenly spread over two locations. Terminate one connection from each Direct Connect location to a router at the company location. Terminate the other connection from each Direct Connect location to a different router at the company location.

    D. Order two 1 Gbps AWS Direct Connect connections that are evenly spread over two locations. Terminate the connection from each Direct Connect location to a different router at the company location.

  • Question 84:

    A company has 10 web server Amazon EC2 instances that run in an Auto Scaling group in a production VPC. The company has 10 other web servers that run in an on-premises data center. The company has a 10 Gbps AWS Direct Connect connection between the on-premises data center and the production VPC. The company needs to implement a load balancing solution that receives HTTPS traffic from thousands of external users. The solution must distribute the traffic across the web servers on AWS and the web servers in the on-premises data center. Regardless of the location of the web servers, HTTPS requests must go to the same web server throughout the entire session. Which solution will meet these requirements?

    A. Create a Network Load Balancer (NLB) in the production VPC. Create a target group. Specify ip as the target type. Register the EC2 instances and the on-premises servers with the target group. Enable connection draining on the NLB.

    B. Create an Application Load Balancer (ALB) in the production VPC. Create a target group. Specify ip as the target type. Register the EC2 instances and the on-premises servers with the target group. Enable application-based session affinity (sticky sessions) on the ALB.

    C. Create a Network Load Balancer (NLB) in the production VPC. Create a target group. Specify instance as the target type. Register the EC2 instances and the on-premises servers with the target group. Enable session affinity (sticky sessions) on the NLB.

    D. Create an Application Load Balancer (ALB) in the production VPC. Create a target group. Specify instance as the target type. Register the EC2 instances and the on-premises servers with the target group. Enable application-based session affinity (sticky sessions) on the ALB.

  • Question 85:

    A company has developed a new web application on AWS. The application runs on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate behind an Application Load Balancer (ALB) in the us-east-1 Region. The application uses Amazon Route 53 to host the DNS records for the domain. The content that is served from the website is mostly static images and files that are not updated frequently. Most of the traffic to the website from end users will originate from the United States. Some traffic will originate from Canada and Europe. A network engineer needs to design a solution that will reduce latency for end users at the lowest cost. The solution also must ensure that all traffic is encrypted in transit until the traffic reaches the ALB. Which solution will meet these requirements?

    A. Configure the ALB to use an AWS Global Accelerator accelerator in us-east-1. Create a secure HTTPS listener. Create an alias record in Amazon Route 53 for the custom domain name. Configure the alias record to route to the DNS name that is assigned to the accelerator for the ALB.

    B. Configure the ALB to use a secure HTTPS listener. Create an Amazon CloudFront distribution. Set the origin domain name to point to the DNS record that is assigned to the ALB. Configure the CloudFront distribution to use an SSL certificate. Set all behaviors to force HTTPS. Create an alias record in Amazon Route 53 for the custom domain name. Configure the alias record to route to the DNS name that is assigned to the ALB.

    C. Configure the ALB to use a secure HTTPS listener. Create an Amazon CloudFront distribution. Set the origin domain name to point to the DNS record that is assigned to the ALB. Configure the CloudFront distribution to use an SSL certificate and redirect HTTP to HTTPS. Create an alias record in Amazon Route 53 for the custom domain name. Configure the alias record to route to the CloudFront distribution.

    D. Configure the ALB to use an AWS Global Accelerator accelerator in us-east-1. Create a secure HTTPS listener. Create a second application stack on Amazon ECS on Fargate in the eu-west-1 Region. Create another secure HTTPS listener. Create an alias record in Amazon Route 53 for the custom domain name. Configure the alias record to use a latency-based routing policy to route to the DNS name that is assigned to the accelerator for the ALBs.

  • Question 86:

    A company deploys an internal website behind an Application Load Balancer (ALB) in a VPC. The VPC has a CIDR block of 172.31.0.0/16. The company creates a private hosted zone for the domain example.com for the website in Amazon Route 53. The company establishes an AWS Site-to-Site VPN connection between its office network and the VPC. A network engineer needs to set up a DNS solution so that employees can visit the internal webpage by accessing a private domain URL (https://example.com) from the office network. Which combination of steps will meet this requirement? (Choose two.)

    A. Create an alias record that points to the ALB in the Route 53 private hosted zone.

    B. Create a CNAME record that points to the ALB internal domain in the Route 53 private hosted zone.

    C. Create a Route 53 Resolver inbound endpoint. On the office DNS server, configure a conditional forwarder to forward the DNS queries to the Route 53 Resolver inbound endpoint.

    D. Create a Route 53 Resolver outbound endpoint. On the office DNS server, configure a conditional forwarder to forward the DNS queries to the Route 53 Resolver outbound endpoint.

    E. On the office DNS server, configure a conditional forwarder for the private domain to the VPC DNS at 172.31.0.2.

  • Question 87:

    A company is deploying AWS Cloud WAN with edge locations in the us-east-1 Region and the ap-southeast-2 Region. Individual AWS Cloud WAN segments are configured for the development environment, the production environment, and the shared services environment at each edge location. Many new VPCs will be deployed for the environments and will be configured as attachments to the AWS Cloud WAN core network. The company's network team wants to ensure that VPC attachments are configured for the correct segment. The network team will tag the VPC attachments by using the Environment key with a value of the corresponding environment segment name. The segment for the production environment in us-east-1 must require acceptance for attachment requests. All other attachment requests must not require acceptance. Which solution will meet these requirements?

    A. Create a rule with a number of 100 that requires acceptance for attachments to the production segment. In the rule, set the condition logic to the "or" value. Include conditions that require a tag:Environment value of Production or a Region value of us-east-1. Create a rule with a number of 200 that does not require acceptance to map any tag:Environment values to their respective segments.

    B. Create a rule with a number of 100 that requires acceptance for attachments to the production segment. In the rule, set the condition logic to the "and" value. Include conditions that require a tag:Environment value of Production and a Region value of us-east-1. Create a rule with a number of 200 that does not require acceptance to map any tag:Environment values to their respective segments.

    C. Create a rule with a number of 100 that does not require acceptance to map any tag:Environment values to their respective segments. Create a rule with a number of 200 that requires acceptance for attachments to the production segment. In the rule, set the condition logic to the "and" value. Include conditions that require a tag:Environment value of Production and a Region value of us-east-1.

    D. Create a rule with a number of 100 that does not require acceptance to map any tag:Environment values to their respective segments. Create a rule with a number of 200 that requires acceptance for attachments to the production segment. In the rule, set the condition logic to the "or" value. Include conditions that require a tag:Environment value of Production or a Region value of us-east-1.

  • Question 88:

    A marketing company is using hybrid infrastructure through AWS Direct Connect links and a software-defined wide area network (SD-WAN) overlay to connect its branch offices. The company connects multiple VPCs to a third-party SD-WAN appliance transit VPC within the same account by using AWS Site-to-Site VPNs. The company is planning to connect more VPCs to the SD-WAN appliance transit VPC. However, the company faces challenges of scalability, route table limitations, and higher costs with the existing architecture. A network engineer must design a solution to resolve these issues and remove dependencies. Which solution will meet these requirements with the LEAST amount of operational overhead?

    A. Configure a transit gateway to attach the VPCs. Configure a Site-to-Site VPN connection between the transit gateway and the third-party SD-WAN appliance transit VPC. Use the SD-WAN overlay links to connect to the branch offices.

    B. Configure a transit gateway to attach the VPCs. Configure a transit gateway Connect attachment for the third-party SD-WAN appliance transit VPC. Use transit gateway Connect native integration of SD-WAN virtual hubs with AWS Transit Gateway.

    C. Configure a transit gateway to attach the VPCs. Configure VPC peering between the VPCs and the third-party SD-WAN appliance transit VPC. Use the SD-WAN overlay links to connect to the branch offices.

    D. Configure VPC peering between the VPCs and the third-party SD-WAN appliance transit VPC. Use transit gateway Connect native integration of SD-WAN virtual hubs with AWS Transit Gateway.

  • Question 89:

    A company is running a hybrid cloud environment. The company has multiple AWS accounts as part of an organization in AWS Organizations. The company needs a solution to manage a list of IPv4 on-premises hosts that will be allowed to access resources in AWS. The solution must provide version control for the list of IPv4 addresses and must make the list available to the AWS accounts in the organization. Which solution will meet these requirements?

    A. Create a customer-managed prefix list. Add entries for the initial list of on-premises IPv4 hosts. Create a resource share in AWS Resource Access Manager. Add the managed prefix list to the resource share. Share the resource with the organization.

    B. Create a customer-managed prefix list. Add entries for the initial list of on-premises IPv4 hosts. Use AWS Firewall Manager to share the managed prefix list with the organization.

    C. Create a security group. Add inbound rule entries for the initial list of on-premises IPv4 hosts. Create a resource share in AWS Resource Access Manager. Add the security group to the resource share. Share the resource with the organization.

    D. Create an Amazon DynamoDB table. Add entries for the initial list of on-premises IPv4 hosts. Create an AWS Lambda function that assumes a role in each AWS account in the organization to authorize inbound rules on security groups based on entries from the DynamoDB table.

  • Question 90:

    A company's application is deployed on Amazon EC2 instances in a single VPC in an AWS Region. The EC2 instances are running in two Availability Zones. The company decides to use a fleet of traffic inspection instances from AWS Marketplace to inspect traffic between the VPC and the internet. The company is performing tests before the company deploys the architecture into production. The fleet is located in a shared inspection VPC behind a Gateway Load Balancer (GWLB). To minimize the cost of the solution, the company deployed only one inspection instance in each Availability Zone that the application uses. During tests, a network engineer notices that traffic inspection works as expected when the network is stable. However, during maintenance of the inspection instances, the internet sessions time out for some application instances. The application instances are not able to establish new sessions. Which combination of steps will remediate these issues? (Choose two.)

    A. Deploy one inspection instance in the Availability Zones that do not have inspection instances deployed.

    B. Deploy one additional inspection instance in each Availability Zone where the inspection instances are deployed.

    C. Enable the cross-zone load balancing attribute for the GWLB.

    D. Deploy inspection instances in an Auto Scaling group. Define a scaling policy that is based on CPU load.

    E. Attach the GWLB to all Availability Zones in the Region.
